As users demand ever higher radio access rates, wireless local area networks (WLANs) have emerged to meet the requirement. A WLAN can provide high-speed wireless data access within a small range. WLANs include various access technologies. At present, IEEE 802.11b is a widely used technical standard. It transmits in the 2.4 GHz band, and its maximum transmission rate may reach 11 Mbps. IEEE 802.11g and Bluetooth technology also transmit in the 2.4 GHz band; the maximum data transmission rate of IEEE 802.11g may reach 54 Mbps. Other new technologies such as IEEE 802.11a and ETSI BRAN Hiperlan2 use the 5 GHz band, and their transmission rate may reach up to 54 Mbps.
Despite the variety of radio access technologies, most WLANs are used to transmit Internet protocol (IP) packets. In general, the WLAN access technology used by a wireless IP network is transparent to the upper-layer IP. The basic principle is that an access point (AP) completes the access of user equipment (UE), and network control equipment and connection equipment are interconnected to form an IP transmission network.
With the emergence and development of WLAN technology, interworking between WLANs and wireless mobile communication networks such as the GSM, CDMA, WCDMA, TD-SCDMA and CDMA2000 systems is currently becoming a research focus. In the 3rd Generation Partnership Project (3GPP), a UE may be connected to the Internet or an intranet through a WLAN access network. It can also be connected to a home network or a visited network of the 3GPP system via a WLAN access network. Specifically, when a UE accesses a WLAN locally, it is connected to the 3GPP home network via the WLAN access network; when the UE is roaming, it is connected to the 3GPP visited network via the WLAN access network. Some entities in the 3GPP visited network are connected with corresponding entities in the 3GPP home network. For example, the authentication, authorization and accounting (AAA) proxy in the 3GPP visited network is connected with the AAA server located in the 3GPP home network; the WLAN access gateway (WAG) located in the 3GPP visited network is connected with the packet data gateway (PDG) located in the 3GPP home network.
Because users of wireless networks are mobile, a user often needs to access services while roaming, which results in the following two situations:
1. When a user is roaming, there may be multiple roaming (or visited) networks available. Depending on the agreements between the user's home network and the roaming networks, the user may not be permitted to access every available network. In this case, when the user selects a roaming network to access, the home network would authenticate the roaming network. Namely, the home network needs to check whether the user is authorized to access the roaming network selected by the user. This procedure involves the storage, transfer and use, in the home network, of information about the roaming networks that the user is authorized to access.
2. To reduce the possibility of a user selecting a network that it is not authorized to access, the information about the authorized visited networks may be stored in the UE. For technical and operational reasons, the information stored in the UE may be out of sync with the currently authorized visited networks. In this case, the information about the authorized visited networks stored in the UE needs to be updated.
In the prior art, the information about the visited networks that the user is authorized to access is stored only in the home subscriber server (HSS). When a user selects a visited network during roaming and initiates an access authentication and/or authorization request, the AAA server checks whether authentication and/or authorization information for the user is stored locally; if it is not, the AAA server sends a request to the home HSS to obtain that information.
Based on its stored information about the visited networks that the user is authorized to access, if the HSS finds that the user is authorized to access the visited network, the HSS delivers at least one group of security parameters for authentication, together with the corresponding authorization information, to the AAA server.
The AAA server stores the security parameters and corresponding authorization information locally.
When the user selects another visited network and initiates an authorization and/or authentication request, the AAA server finds that the security parameters for authenticating the validity of the user are stored locally and therefore does not send a request to the HSS for authentication and authorization information. Because the AAA server does not store the information about the visited networks that the user is authorized to access, it cannot check whether the user may access the newly selected visited network.
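The gap described in the last four paragraphs can be reproduced with a small model. The following is an added example, not code from the original document: the class names, user and network identifiers and the `cache_network_list` switch are all constructed, and caching the authorized-network list at the AAA server is an assumed mitigation shown only for contrast.

```python
# Toy model of the prior-art flow; every name and value here is constructed.
class HSS:
    """Home subscriber server: holds the authorized visited networks per user."""
    def __init__(self, authorized):
        self.authorized = authorized      # user -> set of visited-network ids
        self.queries = 0

    def fetch(self, user, visited, with_network_list):
        """Return the data delivered to the AAA server, or None if refused."""
        self.queries += 1
        allowed = self.authorized.get(user, set())
        if visited not in allowed:
            return None
        data = {"security_params": ["constructed-group-1"],
                "authz_info": "constructed-profile"}
        if with_network_list:             # assumed mitigation, not on the page
            data["authorized_networks"] = frozenset(allowed)
        return data


class AAAServer:
    def __init__(self, hss, cache_network_list=False):
        self.hss = hss
        self.cache_network_list = cache_network_list
        self.cache = {}                   # user -> data delivered by the HSS

    def access_request(self, user, visited):
        """Return (decision, whether the visited network was actually checked)."""
        entry = self.cache.get(user)
        if entry is None:                 # nothing local: ask the home HSS
            entry = self.hss.fetch(user, visited, self.cache_network_list)
            if entry is None:
                return "reject", True
            self.cache[user] = entry
            return "accept", True
        allowed = entry.get("authorized_networks")
        if allowed is None:               # prior art: cache hit, HSS skipped,
            return "accept", False        # so no visited-network check is possible
        return ("accept" if visited in allowed else "reject"), True


def run(cache_network_list):
    """First request via an authorized network, second via an unauthorized one."""
    hss = HSS({"user-1": {"visited-A"}})
    aaa = AAAServer(hss, cache_network_list)
    first = aaa.access_request("user-1", "visited-A")
    second = aaa.access_request("user-1", "visited-B")
    return first, second, hss.queries
```

In both runs the HSS is queried only once; the difference is whether the second request, made through a network the HSS would have refused, is checked at all.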